CVE-2004-1466 - Unassayed Endeavors


The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted if the temporary directory is under the web root.